# Per-host NixOS module fragments that run OpenDMARC as a milter.
# Evaluates to an attribute set with one module per host name listed in
# `mailHosts`; each module is active only on the host whose `name` matches.
pkgs:
let
  # Hosts that receive this configuration.
  mailHosts = [ "eldiron" "backup-2" ];

  # Key of the generated ignore list in the secrets store.
  ignoreHostsKey = "opendmarc/ignore.hosts";

  mkHostModule = wantedHost: { config, lib, pkgs, name, ... }:
    let
      dmarc = config.services.opendmarc;

      # Path of the deployed ignore list on the target machine.
      ignoreHostsFile = config.secrets.fullPaths.${ignoreHostsKey};

      # Servers flagged as MX in the environment description.
      mxServers = lib.filterAttrs (_: server: server.mx.enable) config.myEnv.servers;

      # Every host named here is skipped by the filter (OpenDMARC IgnoreHosts),
      # so mail relayed through it gets no DMARC evaluation. Keep the list
      # limited to relays that are under the operator's control.
      ignoredHosts =
        [ config.myEnv.mail.dmarc.ignore_hosts ]
        ++ lib.mapAttrsToList (_: server: server.fqdn) mxServers;
    in
    lib.mkIf (name == wantedHost) {
      # Presumably what lets the daemon read the deployed secret files --
      # confirm against the secrets module.
      users.users.${dmarc.user}.extraGroups = [ "keys" ];

      systemd.services.opendmarc.serviceConfig.Slice = "mail.slice";

      services.opendmarc = {
        enable = true;
        socket = "local:${config.myServices.mail.milters.sockets.opendmarc}";

        # The milter socket is shared with the Postfix group; UMask 002 below
        # keeps it group-accessible. NOTE(review): confirm nothing else is a
        # member of that group.
        inherit (config.services.postfix) group;

        # Notes on the settings below (kept outside the string so the
        # generated file is unchanged):
        #  - AuthservID HOSTNAME: use the machine's host name as authserv-id.
        #  - FailureReports false: no failure reports are generated; the other
        #    FailureReports* lines only matter if this is switched on.
        #  - IgnoreAuthenticatedClients: mail from SMTP AUTH clients is not
        #    evaluated.
        #  - SPFIgnoreResults + SPFSelfValidate: SPF results already present
        #    in message headers are ignored and the filter runs its own check.
        #  - SoftwareHeader true: adds a DMARC-Filter header that names the
        #    filter software and version to every processed message.
        #  - RejectFailures is not set here; with the OpenDMARC default the
        #    filter only records its verdict, so enforcement has to happen
        #    elsewhere. NOTE(review): confirm this is intended.
        configFile = pkgs.writeText "opendmarc.conf" ''
          AuthservID HOSTNAME
          FailureReports false
          FailureReportsBcc postmaster@immae.eu
          FailureReportsOnNone true
          FailureReportsSentBy postmaster@immae.eu
          IgnoreAuthenticatedClients true
          IgnoreHosts ${ignoreHostsFile}
          SoftwareHeader true
          SPFIgnoreResults true
          SPFSelfValidate true
          UMask 002
        '';
      };

      # Restart the daemon whenever the ignore list changes on disk.
      services.filesWatcher.opendmarc = {
        restart = true;
        paths = [ ignoreHostsFile ];
      };

      secrets.keys = [
        {
          dest = ignoreHostsKey;
          # Owner-only read access for the service account.
          inherit (dmarc) user group;
          permissions = "0400";
          # One host per line.
          text = builtins.concatStringsSep "\n" ignoredHosts;
        }
      ];
    };
in
pkgs.lib.genAttrs mailHosts mkHostModule
49 |